Update 2019: We’ve been busy working on some great training content around security, check out the Cloud Academy library to prepare on all-things cloud security.
Welcome to issue #5 of the Cloud Technology and Security Alert News Digest. Today we’ve got news about two major new cloud-optimized OS releases, an important set of patches for Docker, a peek inside AWS’ abuse detection operation and a critical discussion of expanding government powers.
Ubuntu to replace apt-get!
This one falls really close to our cloud computing home: Jon Brodkin at Ars Technica reports that Canonical – the sponsor behind Ubuntu – is planning to replace the apt-get package control system on its new Cloud-optimized Ubuntu Core distribution with something called “transactional updates.” The “Snappy” image-based update system will reportedly lead to faster and more stable software updates, partly because packages will now all live isolated from each other.
Is there anywhere the US government can’t reach?
In a digital world, do international borders still exist? The US government, when it demands access to data on offshore-based servers, seems to be advancing the argument that they do not. Ars Technica describes Mircosoft’s pushback over US court rulings as a fight over autonomy… but also for the commercial integrity of US-based tech companies.
New Docker patch
Security Week reports that Docker’s new 1.3.3 release patches a number of potential structural vulnerabilities in the platform. the exploits could be launched through a malicious Dockerfile or through a link or official image spoofing. Moral of the story: keep your systems patched!
Don’t try launching attacks using AWS computers
As a side point to the recent Sony hack, ZDNet reports on AWS’ denial that any of their cloud computers were used in a possible revenge Denial of Service attack against the hackers. Charlie Osborne and Zack Whittaker describe AWS’ detection system, including this AWS spokesperson’s statement: “AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.”
Fedora 21 Cloud
Claiming that this might represent the future of Linux cloud computing, Steven J. Vaughan-Nichols over at ZDNet reviews the new Fedora release, including Fedora 21 Cloud – a version optimized for cloud deployments including for use as AWS AMIs. Besides running a streamlined, bloat-free base system, Fedora 21 Cloud also allows the creation of Fedora containers.
